From 74bf252b2bf429593de24d6f393d06661ea937d4 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 22 Sep 2022 14:40:04 +0200
Subject: [PATCH] Add docker support for hub
---
tools/Dockerfile | 23 +++++++++++++++++++++++
tools/container-init.sh | 30 ++++++++++++++++++++++++++++++
tools/start-checksum.txt | 1 +
3 files changed, 54 insertions(+)
create mode 100644 tools/Dockerfile
create mode 100755 tools/container-init.sh
create mode 100644 tools/start-checksum.txt
diff --git a/tools/Dockerfile b/tools/Dockerfile
new file mode 100644
index 0000000..c91f420
--- /dev/null
+++ b/tools/Dockerfile
@@ -0,0 +1,23 @@
+FROM alpine as builder
+
+# Ensure ca-certficates are up to date
+# RUN update-ca-certificates
+
+# Download and verify portmaster-start binary.
+RUN mkdir /init
+RUN wget https://updates.safing.io/linux_amd64/start/portmaster-start_v0-9-5 -O /init/portmaster-start
+COPY start-checksum.txt /init/start-checksum
+RUN cd /init && sha256sum -c /init/start-checksum
+RUN chmod 555 /init/portmaster-start
+
+# Use minimal image as base.
+FROM alpine
+
+# Copy the static executable.
+COPY --from=builder /init/portmaster-start /init/portmaster-start
+
+# Copy the init script
+COPY container-init.sh /init.sh
+
+# Run the hub.
+ENTRYPOINT ["/init.sh"]
diff --git a/tools/container-init.sh b/tools/container-init.sh
new file mode 100755
index 0000000..e512087
--- /dev/null
+++ b/tools/container-init.sh
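Review bot: Both `FROM alpine` lines in tools/Dockerfile are untagged, so every build pulls whatever `latest` currently points to, while the downloaded binary is pinned by version and SHA-256; pin the base the same way, e.g. `FROM alpine:<version>@sha256:<digest> AS builder`, and use the same reference for the final stage. The final stage also sets no `USER`, so `/init.sh` and the hub run as root; if the hub does not need root (not visible from this diff), create a dedicated user with a fixed UID and switch to it before `ENTRYPOINT`. The download URL hard-codes `linux_amd64`, which makes the image amd64-only, so a comment above the `wget` line saying so would help.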
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+DATA="/data"
+START="/data/portmaster-start"
+INIT_START="/init/portmaster-start"
+
+# Set safe shell options.
+set -euf -o pipefail
+
+# Check if data dir is mounted.
+if [ ! -d $DATA ]; then
+ echo "Nothing mounted at $DATA, aborting."
+ exit 1
+fi
+
+# Copy init start to correct location, if not available.
+if [ ! -f $START ]; then
+ cp $INIT_START $START
+fi
+
+# Download updates.
+echo "running: $START update --data /data --intel-only"
+$START update --data /data --intel-only
+
+# Remove PID file, which could have been left after a crash.
+rm -f $DATA/hub-lock.pid
+
+# Always start the SPN Hub with the updated main start binary.
+echo "running: $START hub --data /data -- $@"
+$START hub --data /data -- $@
diff --git a/tools/start-checksum.txt b/tools/start-checksum.txt
new file mode 100644
index 0000000..a3965eb
--- /dev/null
+++ b/tools/start-checksum.txt
@@ -0,0 +1 @@
+ce290b85aa47073e405da597457299ef2dbf72da4f97199efc8fc8826d43886a ./portmaster-start
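Review bot: The last line of tools/container-init.sh, `$START hub --data /data -- $@`, runs the hub as a child of the shell and leaves `$@` unquoted: the shell stays PID 1, so the SIGTERM from `docker stop` is not forwarded to the hub (a likely source of the stale `hub-lock.pid` the script removes), and arguments containing spaces are split. Use `exec "$START" hub --data /data -- "$@"` instead. Separately, the build-time checksum only covers the first start: once `/data/portmaster-start` exists it is executed as-is on every boot, so anything able to write to the data volume decides what runs in the container. Whether `portmaster-start update` verifies what it installs is not visible here, so a comment next to the `cp` stating that trust assumption would help.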